A Flaw In Slack, The Group Messaging App That's Going Viral In Silicon Valley, Exposes The Names Of Chat Rooms To Anybody
View all Offers
When using the Slack client for Mac, Sai discovered that you can visit Slack.com, enter a fake email address with any real company domain (like Apple.com, Google.com, etc.), and you can see all of the internal Slack teams associated with that company.
You can't enter the Slack rooms, but you can see the names of the rooms. As Sam Biddle at Valleywag points out:
Sure, you can't actually join the teams, or see what channels exist within them, or read a single letter that's been exchanged. But I now know there's a Slack team at Google called "Tribe Wearables"-does that mean they acquired this company? Even if this isn't sensitive information, it's still information-and that's not what people are paying Slack to do.
In some cases, performing this maneuver lets you see what these companies are working on. Check it out:
And The New York Times:
And The Wall Street Journal:
And last but certainly not least, Slack:
You can try this with basically any company you can think of - Slack is particularly hot among Silicon Valley startups.
We've reached out to Slack for comment, and the company said it would get back to us shortly.
- WhatsApp won’t work on these phones from November 1: Check the full list
- Shiba Inu hits another all-time-high — now more valuable than Adani Enterprises, Tata Steel and Tech Mahindra
- Shiba Inu is not only bigger than Dogecoin — it’s now bigger than XRP, Polkadot and USD Coin as the seventh-biggest player in the market
- Best budget external hard disk drives under ₹4,000 in India
- IRCTC will lose a chunk of its revenue to the Indian government starting next month
- EaseMyTrip makes its first acquisition in 13 years to strengthen its hotel offerings
- Portugal''s political fate uncertain after govt budget defeat
- Battlegrounds Mobile India gets Dune-themed rewards in new crossover